Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Terje Malmedal]

[Larry McVoy]
> This is my problem.  You could help if you could tell me what exactly 
> are the magic wands to wave such that you can ssh in without typing
> a password.  I know about ssh-agent but that doesn't help for this, 
> I know that in certain cases ssh lets me in without anything.  I thought
> there was some routine where you ssh-ed one way and then the other way
> and it left enough state that it trusted you, does any ssh genuis out 
> there know what I'm talking about?  If I have this, I can set up the
> cron job, I'm sure this is obvious and I'm just overlooking something
> but I can't find it.

When I'm paranoid I do something like this: 

Source host: 
$ ssh-keygen -t dsa -b 2048 -f keyfile -P ""

on the target add a line to ~someuser/.ssh/authorized_keys2: 

from="allowed.hostname",command="/some/command" ssh-dss AA[and the rest of keyfile.pub]

/some/command looks like this: 
#!/bin/sh
if cd /target ; then
:
else
  echo FAILED1
  exit
fi
if cat > filename ; then
:
else
  echo FAILED4
  exit
fi
if [ \! -s filename ] ; then
  echo FAILED2
  exit
fi
prev=".9"
for i in  .8 .7 .6 .5 .4 .3 .2 .1 ""; do
  mv filename$i filename$prev >/dev/null 2>&1
  prev=$i
done
if mv filename.transport filename ; then
  check=`sum -r filename | awk '{print $1}'`
  echo OK$check
  exit
fi
echo FAILED3

The command to send the file is typically: 
#!/bin/sh
check=`sum -r /file/to/send | awk '{print $1}'`
reply=`(cat /file/to/send ; sleep 5 ) | \
   ssh -l someuser -i keyfile target "echo hello there"`
if [ "x$reply" = "xOK$check" ] ; then
  echo Copy OK $check
else
  echo COPY NOT OK. Please do something. 
fi


-- 
 - Terje
malmedal@usit.uio.no

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Jesse Pollard]

---------  Received message begins Here  ---------

> 
> Hi!
> 
> > > I don't see why everyone who is using BK is expecting Linus to do a pull.
> > > In the non-BK case, wasn't it always a "push" model, and Linus would not
> > > "pull" from URLs and such?
> > 
> > I'm all for it.  I think it's a good thing.
> > 
> > In the absence of significant latency issues, pull scales better than push.  
> > It always has.  Push is better in low bandwidth situations with lots of idle 
> > capacity, but it breaks down when the system approaches saturation.
> > 
> > Pull data is naturally supplied when you're ready for it (assuming no 
> > significant latency to access it).  Push either scrolls by unread or piles up 
> > in your inbox and gets buried until it goes stale.  Web pages work on a pull 
> > model, "push" was an internet fad a few years ago that failed for a reason.  
> > When push models hit saturation it breaks down and you wind up with the old 
> > "I love lucy" episode with the chocolate factory.  Back in the days where 
> 
> What's "i love lucy" episode?

It is an old TV show showing a queue overflow - The chocolate machine was
producing candy faster than the personnell could handle and dispose of it.

I think it was being boxed - the skit starts out with the machine on slow,
and a brief training session by a supervisor. The supervisor verifies that
the candy was handled properly at the slow speed. Then she leaves. The
machine makes a sudden jump in production, close to the limit of the
personnel (Lucy and Vivian) who just manage to keep up.

Then the machine gradually increases the production rate. At first, they
toss exess in to another box, then start trying to eat it, then dropping
on the floor .... until the supervisor returns to turn off the maching.

-------------------------------------------------------------------------
Jesse I Pollard, II
Email: pollard@navo.hpc.mil

Any opinions expressed are solely my own.

[bk patch] Make cardbus compile in -pre4

[Patrick Mochel]

I broke cardbus compile in -pre4 on accident. Sorry about that...

(I don't have a public repository yet, so there's no place to pull form)

diffstat results: 
 drivers/pcmcia/cardbus.c |    3 +--
 1 files changed, 1 insertion, 2 deletions

ChangeSet
  1.231 02/02/08 18:22:27 mochel@segfault.osdlab.org +1 -0
  Doh! 
  struct device has no ->sysdata
  and ->device should be ->dev
   

  drivers/pcmcia/cardbus.c
    1.7 02/02/08 18:22:27 mochel@segfault.osdlab.org +1 -2
    Doh! 
    struct device has no ->sysdata
    and ->device should be ->dev
     


diff -Nru a/drivers/pcmcia/cardbus.c b/drivers/pcmcia/cardbus.c
--- a/drivers/pcmcia/cardbus.c	Fri Feb  8 18:23:08 2002
+++ b/drivers/pcmcia/cardbus.c	Fri Feb  8 18:23:08 2002
@@ -279,8 +279,7 @@
 		pci_readw(dev, PCI_DEVICE_ID, &dev->device);
 		dev->hdr_type = hdr & 0x7f;
 
-		dev->dev.parent = bus->device;
-		dev->dev.sysdata = bus->sysdata;
+		dev->dev.parent = bus->dev;
 		strcpy(dev->dev.name, dev->name);
 		strcpy(dev->dev.bus_id, dev->slot_name);
 		device_register(&dev->dev);

Re: [bk patch] Make cardbus compile in -pre4

[Andreas Dilger]

On Feb 08, 2002  18:25 -0800, Patrick Mochel wrote:
> (I don't have a public repository yet, so there's no place to pull form)

I don't see why everyone who is using BK is expecting Linus to do a pull.
In the non-BK case, wasn't it always a "push" model, and Linus would not
"pull" from URLs and such?  Why are people not simply doing:

!bk send -r+ (other options) - 

from within their editor (or equivalent) to inline the CSET in the email?
This has the added advantage that other people reading the email can also
import the CSET immediately if they so desire.

Cheers, Andreas
--
Andreas Dilger
http://sourceforge.net/projects/ext2resize/
http://www-mddsp.enel.ucalgary.ca/People/adilger/

pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Rob Landley]

On Friday 08 February 2002 10:39 pm, Andreas Dilger wrote:
> On Feb 08, 2002  18:25 -0800, Patrick Mochel wrote:
> > (I don't have a public repository yet, so there's no place to pull form)
>
> I don't see why everyone who is using BK is expecting Linus to do a pull.
> In the non-BK case, wasn't it always a "push" model, and Linus would not
> "pull" from URLs and such?

I'm all for it.  I think it's a good thing.

In the absence of significant latency issues, pull scales better than push.  
It always has.  Push is better in low bandwidth situations with lots of idle 
capacity, but it breaks down when the system approaches saturation.

Pull data is naturally supplied when you're ready for it (assuming no 
significant latency to access it).  Push either scrolls by unread or piles up 
in your inbox and gets buried until it goes stale.  Web pages work on a pull 
model, "push" was an internet fad a few years ago that failed for a reason.  
When push models hit saturation it breaks down and you wind up with the old 
"I love lucy" episode with the chocolate factory.  Back in the days where 
ethernet used hubs instead of switches, going over 50% utilization could lock 
the whole network pretty easily, and these days with switched gigabit 
eithernet you still have network interfaces going into interrupt livelock but 
able to handle a higher load in polling mode.  The Linux scheduler itself 
pulls tasks from a pool of runnable tasks.  If each task had a timer that 
expired generating an interrupt that pushed it to a processor, things 
wouldn't work so well.  (I could go on...)

Linus has actually been using his mailbox to simulate pull by keeping the 
push model at saturation and having repeated retransmits of stuff he expects 
to repeatedly delete until he's ready to reach out and grab it as it passes 
by when the time is right.  The flood he's plucking stuff from is his inbox 
instead of the internet, but the fact remains 90% of it flows by unread 
(wasting attention to delete it, a small amount but it adds up), and isn't 
guaranteed to be there when he IS ready for it.

Humans naturally work by pull.  It just works better to grab stuff out of the 
fridge when you're hungry instead of having it crammed down your throat at 
random.  Push winds up going into a buffer which we pull from (which is how 
mail works), and if that buffer overflows during load spikes, or is just 
constantly filling faster than it drains in the long term, then you wind up 
retransmitting stuff that got dropped (increasing the bandwidth usage) and it 
all just falls apart...

Years ago, Linus wasn't regularly at saturation, so push was fine.  (Optimal 
even: interrupts are better than polling up until you approach livelock.)  
And with Linus's previous toolset, grabbing code from URLs was a significant 
interruption in his workflow, hence a bad thing.  But with bitkeeper, it 
isn't.  And if Linus is going to focus on taking the bulk of new patches from 
a dozen or so trusted lieutenants anyway, it makes sense for them to give him 
the option of a pull model.

I'd encourage this trend.  If in the future linus pulls from lieutenants and 
lieutenants pull from maintainers, the dropped patches problem basically goes 
away.  Just make sure that when the level above you IS ready to take it from 
your level, it's there and ready for them...

Rob

Standard disclaimer: it's 4:30am, who knows how much sense this will make in 
the morning? :)

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Andreas Dilger]

On Feb 09, 2002  04:27 -0500, Rob Landley wrote:
> On Friday 08 February 2002 10:39 pm, Andreas Dilger wrote:
> > I don't see why everyone who is using BK is expecting Linus to do a pull.
> > In the non-BK case, wasn't it always a "push" model, and Linus would not
> > "pull" from URLs and such?
> 
> I'd encourage this trend.  If in the future linus pulls from lieutenants and 
> lieutenants pull from maintainers, the dropped patches problem basically goes 
> away.  Just make sure that when the level above you IS ready to take it from 
> your level, it's there and ready for them...

OK, so Linus has been using BK for a couple of weeks now, and some of the
lieutenants have started setting up BK repositories at bkbits.net.  Is
there _any_ way that one can understand the heirarchy of repositories
at bkbits.net?  There's "linus", "linux", "linux25", and a bunch of other
obvious branch repositories.  Which one should kernel developers
clone/pull from?  It would be nice if there was a heirarchy or something
which showed the parent-child relationship.

I suppose (due to the BK design) that it is not fatal if you do your initial
clone from a URL that might go "dead" because you can always change your
parent URL and you haven't lost anything.

Clearly, all of the repositories need to start as clones of Linus'
repository, or there is no chance of them passing CSETs back and forth
among the developers.  Does the fact that 'linux-arm' is apparently not
a descendent from the 'official' linux-2.4 or linux-2.5 repository doom
that developer from not being able to send CSETs to any other kernel
developer or Linus?  Sure, they could send patches, but then they would
forever have to diff/patch and resolve conflicts on their end rather
than just pulling/pushing CSETs with all of the other kernel developers.

Cheers, Andreas
--
Andreas Dilger
http://sourceforge.net/projects/ext2resize/
http://www-mddsp.enel.ucalgary.ca/People/adilger/

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Stelian Pop]

On Sat, Feb 09, 2002 at 03:08:25AM -0700, Andreas Dilger wrote:

> OK, so Linus has been using BK for a couple of weeks now, and some of the
> lieutenants have started setting up BK repositories at bkbits.net.  Is
> there _any_ way that one can understand the heirarchy of repositories
> at bkbits.net?  There's "linus", "linux", "linux25", and a bunch of other
> obvious branch repositories.  Which one should kernel developers
> clone/pull from?  It would be nice if there was a heirarchy or something
> which showed the parent-child relationship.

The 'linus' one seems to be the parent, because if I try to pull from
it bk tells me that the tree is for the private use of Linus only.

And all the other 2.5 repositories seem to be slighly out of date
(the linux/linux-2.5 one is at -pre3 instead of -pre5 etc).

So, what is supposed to be the definitive, public bk repository, 
to pull from in order to have the latest changes ? (the one which will
go on bk.kernel.org eventually) 

Stelian.
-- 
Stelian Pop <stelian.pop@fr.alcove.com>
Alcove - http://www.alcove.com

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Linus Torvalds]

On Sat, 9 Feb 2002, Stelian Pop wrote:
>
> So, what is supposed to be the definitive, public bk repository,
> to pull from in order to have the latest changes ? (the one which will
> go on bk.kernel.org eventually)

Right now the "definitive" bk repository is on master.kernel.org, which
can only be accessed by people who have accounts there.

I also push it to my private version on bkbits.net, and it is supposed to
be automatically then pushed onwards to the public one that is at
http://linux.bkbits.net:8080/linux-2.5, but the infrastructure for that
isn't yet working.

NOTE! If you're working on something that doesn't absolutely need the
stuff in -pre5, you can (and should) just take the pre3 tree, and work
there. When I pull stuff from people I don't require that they be
up-to-date with me - one of the advantages of bk is that it's really easy
to merge stuff.

We'll get the official tree out in a more timely manner, one of the issues
is actually just the scalability of pushing to lots of developers for the
first time.

So if you're interested in BK: get one of the "older" trees now (eg the
2.5.4-pre3 one that is public). Because that will make it a lot easier and
a lot faster to just "bk pull" once the more modern trees come on-line if
you have at least a base for it.

Oh - final comment: try to pull over a fast line, and don't bog down
bkbits.net more than necessary. For example, if you are behind a modem or
a slow DSL line and you want to clone the repository and you have an
account with faster speeds, I'd suggest you _first_ clone it to that other
account, and then later clone it from there over the slow line.

(After that you can re-parent your slow one and make all further "bk
pull"s directly - getting a few days or weeks of work with a "pull" is not
too costly, but when doing the whole clone it is better to get in and get
out faster to avoid clogging up the server with lots of bkd's that are
just waiting..)

			Linus

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Stelian Pop]

On Sat, Feb 09, 2002 at 12:59:16PM -0800, Linus Torvalds wrote:

> Right now the "definitive" bk repository is on master.kernel.org, which
> can only be accessed by people who have accounts there.
> 
> I also push it to my private version on bkbits.net, and it is supposed to
> be automatically then pushed onwards to the public one that is at
> http://linux.bkbits.net:8080/linux-2.5, but the infrastructure for that
> isn't yet working.

Ok, understood. While waiting for a 'proper' infrastructure', maybe
a simple cron entry will do the job ? (since the bk pull from your
private tree on bkbits to the public tree on bkbits is not supposed
to ever fail or have merge errors...)

Anyway, just did a 'bk pull' once again and noticed than linux.bkbits.net
has again the latest version. Thanks! (or thanks Larry, whatever is 
more appropriate :-)).

Stelian.
-- 
Stelian Pop <stelian.pop@fr.alcove.com>
Alcove - http://www.alcove.com

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Larry McVoy]

> > I also push it to my private version on bkbits.net, and it is supposed to
> > be automatically then pushed onwards to the public one that is at
> > http://linux.bkbits.net:8080/linux-2.5, but the infrastructure for that
> > isn't yet working.
> 
> Ok, understood. While waiting for a 'proper' infrastructure', maybe
> a simple cron entry will do the job ? (since the bk pull from your
> private tree on bkbits to the public tree on bkbits is not supposed
> to ever fail or have merge errors...)

This is my problem.  You could help if you could tell me what exactly 
are the magic wands to wave such that you can ssh in without typing
a password.  I know about ssh-agent but that doesn't help for this, 
I know that in certain cases ssh lets me in without anything.  I thought
there was some routine where you ssh-ed one way and then the other way
and it left enough state that it trusted you, does any ssh genuis out 
there know what I'm talking about?  If I have this, I can set up the
cron job, I'm sure this is obvious and I'm just overlooking something
but I can't find it.

> Anyway, just did a 'bk pull' once again and noticed than linux.bkbits.net
> has again the latest version. Thanks! (or thanks Larry, whatever is 
> more appropriate :-)).

Yeah, I did it by hand.  Hopefully automated by the end of the day.
-- 
---
Larry McVoy            	 lm at bitmover.com           http://www.bitmover.com/lm 

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Stelian Pop]

On Sat, Feb 09, 2002 at 12:26:49PM -0800, Larry McVoy wrote:

> This is my problem.  You could help if you could tell me what exactly 
> are the magic wands to wave such that you can ssh in without typing
> a password. 

Set up $HOME/.shosts ? (man 1 ssh)

> > has again the latest version. Thanks! (or thanks Larry, whatever is 
> > more appropriate :-)).
> 
> Yeah, I did it by hand.  Hopefully automated by the end of the day.

Would it be possible to do something to keep the 2.4 tree up to date too ?
(something like checking if the latest incremental patch from kernel.org
was applied to the tree, and if not, apply it as a changeset and tag) ?

Stelian.
-- 
Stelian Pop <stelian.pop@fr.alcove.com>
Alcove - http://www.alcove.com

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Jeff Garzik]

Stelian Pop wrote:
> Would it be possible to do something to keep the 2.4 tree up to date too ?
> (something like checking if the latest incremental patch from kernel.org
> was applied to the tree, and if not, apply it as a changeset and tag) ?

Convince Marcelo to look at BK for merging :)

	Jeff, slowly getting spoiled by BK and Linus



-- 
Jeff Garzik      | "I went through my candy like hot oatmeal
Building 1024    |  through an internally-buttered weasel."
MandrakeSoft     |             - goats.com

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Larry McVoy]

On Sat, Feb 09, 2002 at 09:51:10PM +0100, Stelian Pop wrote:
> Would it be possible to do something to keep the 2.4 tree up to date too ?
> (something like checking if the latest incremental patch from kernel.org
> was applied to the tree, and if not, apply it as a changeset and tag) ?

Someone has to do the work, it's certainly possible.   That tree is up to date
with what Linus has done.
-- 
---
Larry McVoy            	 lm at bitmover.com           http://www.bitmover.com/lm 

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Pau Aliagas]

On Sat, 9 Feb 2002, Larry McVoy wrote:

> This is my problem.  You could help if you could tell me what exactly 
> are the magic wands to wave such that you can ssh in without typing
> a password.  I know about ssh-agent but that doesn't help for this, 
> I know that in certain cases ssh lets me in without anything.  I thought
> there was some routine where you ssh-ed one way and then the other way
> and it left enough state that it trusted you, does any ssh genuis out 
> there know what I'm talking about?  If I have this, I can set up the
> cron job, I'm sure this is obvious and I'm just overlooking something
> but I can't find it.

Just get the .ssh/id_dsa.pub from the client you want to allow in without 
a password and copy it inside .ssh/authorized_keys2 in the server.

ssh-agent is useful if you protect your keys with a password so that you
don't have to retype the password to unblock you own key over and over.  
Nothing to do with accessing other sites.

If you need any help just tell me.
Pau

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[David Lang]

I just set this up between a couple machines at work and one thing we
ended up doing to get it to work was to generate a key without a
passphrase on it to use for syncing, otherwise the ssh on the machine
inititing the connection wanted a password to start the connection. you
also need to do the stuff mentioned for the receiving end so that it
doesn't ask for a password.

David Lang


 On Sat, 9 Feb 2002, Pau Aliagas wrote:

> Date: Sat, 9 Feb 2002 21:57:50 +0100 (CET)
> From: Pau Aliagas <linuxnow@wanadoo.es>
> To: Larry McVoy <lm@bitmover.com>
> Cc: linux-kernel@vger.kernel.org
> Subject: Re: pull vs push (was Re: [bk patch] Make cardbus compile in
>     -pre4)
>
> On Sat, 9 Feb 2002, Larry McVoy wrote:
>
> > This is my problem.  You could help if you could tell me what exactly
> > are the magic wands to wave such that you can ssh in without typing
> > a password.  I know about ssh-agent but that doesn't help for this,
> > I know that in certain cases ssh lets me in without anything.  I thought
> > there was some routine where you ssh-ed one way and then the other way
> > and it left enough state that it trusted you, does any ssh genuis out
> > there know what I'm talking about?  If I have this, I can set up the
> > cron job, I'm sure this is obvious and I'm just overlooking something
> > but I can't find it.
>
> Just get the .ssh/id_dsa.pub from the client you want to allow in without
> a password and copy it inside .ssh/authorized_keys2 in the server.
>
> ssh-agent is useful if you protect your keys with a password so that you
> don't have to retype the password to unblock you own key over and over.
> Nothing to do with accessing other sites.
>
> If you need any help just tell me.
> Pau
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Pau Aliagas]

On Sat, 9 Feb 2002, David Lang wrote:

> I just set this up between a couple machines at work and one thing we
> ended up doing to get it to work was to generate a key without a
> passphrase on it to use for syncing, otherwise the ssh on the machine
> inititing the connection wanted a password to start the connection. you
> also need to do the stuff mentioned for the receiving end so that it
> doesn't ask for a password.

That's ok if you can't type the password as in batch jobs.

Pau

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Rob Landley]

On Saturday 09 February 2002 03:26 pm, Larry McVoy wrote:
> > > I also push it to my private version on bkbits.net, and it is supposed
> > > to be automatically then pushed onwards to the public one that is at
> > > http://linux.bkbits.net:8080/linux-2.5, but the infrastructure for that
> > > isn't yet working.
> >
> > Ok, understood. While waiting for a 'proper' infrastructure', maybe
> > a simple cron entry will do the job ? (since the bk pull from your
> > private tree on bkbits to the public tree on bkbits is not supposed
> > to ever fail or have merge errors...)
>
> This is my problem.  You could help if you could tell me what exactly
> are the magic wands to wave such that you can ssh in without typing
> a password.

You need three or four files in the .ssh directory of the account in 
question.  (This is assuming that ssh protocol 2 comes first in your 
ssh_config and sshd_config files.)

1) The file ~/.ssh/known_hosts2 lists the host keys.  If you just ssh to a 
box it'll prompt you if it should add an unknown key to the file.  (Just do 
this manually once in each direction and this file will be happy.  You can 
assemble it manually from /etc/ssh/ssh_host_key.pub if you want, but I doubt 
you need to.)

2) Generate a public/private pair of dsa encryption keys, with:

ssh-keygen -d -f ~/.ssh/id_dsa

Just press enter twice for the passphrase (you don't want one for 
passwordless sshing).

3) In the .ssh dir, copy "id_dsa.pub" to "authorized_keys2"

4) Copy the three files you just created (id_dsa, id_dsa.pub, and 
authorized_keys2) to the ~/.ssh directory on the other box.

This allows bidirectional passwordless sshing.  If you want to only ssh in 
one direction, keep the public keys (id_dsa.pub and authorized_keys2) but zap 
the private key on the appropriate box.

Now just try to ssh as the user in question.  (su username, then ssh 1.2.3.4)

If you're piping data from one box to another, you might want to use the -T 
option to tell it no controlling TTY.  (Largely a matter of personal 
taste...)  And sometimes -C "echo hello" works better than just having the 
commands explicitly on the end of the command line...

I have this working over here.  If I missed a step, email me.

Rob

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Andreas Dilger]

On Feb 09, 2002  12:26 -0800, Larry McVoy wrote:
> This is my problem.  You could help if you could tell me what exactly 
> are the magic wands to wave such that you can ssh in without typing
> a password.  I know about ssh-agent but that doesn't help for this, 
> I know that in certain cases ssh lets me in without anything.  I thought
> there was some routine where you ssh-ed one way and then the other way
> and it left enough state that it trusted you, does any ssh genuis out 
> there know what I'm talking about?  If I have this, I can set up the
> cron job, I'm sure this is obvious and I'm just overlooking something
> but I can't find it.

OK, so to log in or run a command on a remote machine R, from your local
machine L, you need to have a copy of your public key L:~/.ssh/identity.pub
in the file R:~/.ssh/authorized_keys.  You can have multiple keys in
R:~/.ssh/authorized_keys.  When ssh'ing from L to R, you also need to
have L:~/.ssh/identity available and possibly type in a pass-phrase if
needed (for automated systems you probably do not want a pass-phrase,
so you set it up with its own key).

Just FYI, the rest of the story goes like:

If your L:~/.ssh/identity has a pass-phrase (or if you want to do multi-
hop ssh'ing, I think) you will probably want to use an ssh-agent to hold
all of your private keys.  GDM (Gnome X login) will start ssh-agent for
you I believe, and then you have to do "ssh-add [identity file ...]" to
add one or more private keys to the ssh-agent, which will prompt you for a
pass-phrase if needed.  If you have multiple private keys (identity files)
then newer versions of ssh-add will try the same pass-phrase for all of
them before prompting you again.

Then, when you ssh over to another machine, and that machine is listed
in /etc/ssh/ssh_config or .ssh/config as "ForwardAgent yes" it will
pass on your private key(s) to a new agent started on the remote machine,
which will allow you to do passwordless ssh to another machine, etc.
Likewise, as long as you have "ForwardX11 yes" for each machine in the
chain, you will be able to start an X session at the far end and it
will tunnel through all of the ssh hops to display on L's screen.

You probably want to have a pass-phrase on all of your private keys,
because if anyone ever could read your ~/.ssh/identity file, they can
effectively do anything you can do, and connect anywhere that has your
corresponding identity.pub file in the authorized_keys file without
a password.

Note also, for most new versions of SSH, it will try SSH protocol 2
before it tries SSH 1.  This means that everywhere I said "identity"
it will use "id_dsa", "identity.pub" becomes "id_dsa.pub", and
"authorized_keys" becomes "authorized_keys2".  You can change the default
order if you want with "Protocol 1,2" in your ~/.ssh/config file, or
you can add both your L:~/.ssh/identity and L:~/.ssh/id_dsa to the
ssh-agent, and add the id_dsa.pub to authorized_keys2.

Cheers, Andreas
--
Andreas Dilger
http://sourceforge.net/projects/ext2resize/
http://www-mddsp.enel.ucalgary.ca/People/adilger/

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Herbert Xu]

Larry McVoy <lm@bitmover.com> wrote:

> This is my problem.  You could help if you could tell me what exactly 
> are the magic wands to wave such that you can ssh in without typing
> a password.  I know about ssh-agent but that doesn't help for this, 

Setup your key with an empty passphrase should do the trick.
-- 
Debian GNU/Linux 2.2 is out! ( http://www.debian.org/ )
Email:  Herbert Xu ~{PmV>HI~} <herbert@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Alan Cox]

> a password.  I know about ssh-agent but that doesn't help for this, 
> I know that in certain cases ssh lets me in without anything.  I thought
> there was some routine where you ssh-ed one way and then the other way
> and it left enough state that it trusted you, does any ssh genuis out 
> there know what I'm talking about?  If I have this, I can set up the
> cron job, I'm sure this is obvious and I'm just overlooking something
> but I can't find it.

For the paranoid 

You ssh from the source to an untrusted chrooted nopriv uid on the target
using a ssh pass phrase and ipchains static ip rules to allow only some
IP's access

A cron or other triggered job on the receiving machine checks the GPG
signatures of the uploaded data and moves/processes it if it matches or
if the key matches blocks off that machine and ID and mails the admin.

Alan

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[Pavel Machek]

Hi!

> > I don't see why everyone who is using BK is expecting Linus to do a pull.
> > In the non-BK case, wasn't it always a "push" model, and Linus would not
> > "pull" from URLs and such?
> 
> I'm all for it.  I think it's a good thing.
> 
> In the absence of significant latency issues, pull scales better than push.  
> It always has.  Push is better in low bandwidth situations with lots of idle 
> capacity, but it breaks down when the system approaches saturation.
> 
> Pull data is naturally supplied when you're ready for it (assuming no 
> significant latency to access it).  Push either scrolls by unread or piles up 
> in your inbox and gets buried until it goes stale.  Web pages work on a pull 
> model, "push" was an internet fad a few years ago that failed for a reason.  
> When push models hit saturation it breaks down and you wind up with the old 
> "I love lucy" episode with the chocolate factory.  Back in the days where 

What's "i love lucy" episode?
									Pavel
-- 
Philips Velo 1: 1"x4"x8", 300gram, 60, 12MB, 40bogomips, linux, mutt,
details at http://atrey.karlin.mff.cuni.cz/~pavel/velo/index.html.

Re: pull vs push (was Re: [bk patch] Make cardbus compile in -pre4)

[John Alvord]

On Mon, 11 Feb 2002 11:51:04 +0000, Pavel Machek <pavel@suse.cz>
wrote:

>Hi!
>
>> > I don't see why everyone who is using BK is expecting Linus to do a pull.
>> > In the non-BK case, wasn't it always a "push" model, and Linus would not
>> > "pull" from URLs and such?
>> 
>> I'm all for it.  I think it's a good thing.
>> 
>> In the absence of significant latency issues, pull scales better than push.  
>> It always has.  Push is better in low bandwidth situations with lots of idle 
>> capacity, but it breaks down when the system approaches saturation.
>> 
>> Pull data is naturally supplied when you're ready for it (assuming no 
>> significant latency to access it).  Push either scrolls by unread or piles up 
>> in your inbox and gets buried until it goes stale.  Web pages work on a pull 
>> model, "push" was an internet fad a few years ago that failed for a reason.  
>> When push models hit saturation it breaks down and you wind up with the old 
>> "I love lucy" episode with the chocolate factory.  Back in the days where 
>
>What's "i love lucy" episode?
>									Pavel
"I Love Lucy" was a 1950s sitcom on television, one of the first and
very good indeed.

In the episode referred to, Lucy and her friend Ethel get hired as
candy-packers in a candy factory. The candies come by on a conveyer
belt and the girls put them in boxes. Everything went smoothly... the
manager reviewed the situation, and congratulated them. Then they
increased the conveyer belt flow. After a few more cycles, the candy
was coming too fast. So they started taking the candies, stuffing them
into pockets, blouses, mouths... and the scene ends with the manager
arriving back madder then heck.

john